Wordpress Website Hacked and is Now Redirecting

CaptainDan

New member
Earlier this week, I visited one of my Wordpress blogs and to my surprise, I found that it was redirecting to a website with the URL of DoNotifyFriends[dot]info. I freaked out a bit and was just about to place a support ticket with my hosting provider (LiquidWeb) when I realized I could restore the website to an earlier version through my backup provider (CodeGuard). I was lucky that I hadn't written any new posts or changed the site any in the past week, so I went ahead and restored the site to two days previous. That worked perfectly and I was a happy camper.

Just as luck would have it, I woke up two days later and the blog was hacked again. This time, the domain was forwarding to BeMyLittleTeddy[dot]info and Gearbest[dot]com. By this point, I was pretty angry and I wanted to find out what was going on. I sent in a ticket to the site host after restoring the website again to a few days previous. This was their reply:

Typically these happen from outed or insecure plugins. A few plugins recently have been getting hit hard. With a couple, even if uninstalled, they leave items behind in the database that still allow a back door to be opened. With the site not redirecting, there is little we can go on now as we would need to see the site hacked and redirecting to start to track anything down.

Totally understandable. I was hoping they could look in the log files and get an idea of what happened. That's not likely to help much since I'm sure hackers use all sorts of IP addresses.

After this, I decided to install a security and firewall plugin on the website. After reading all sorts of reviews, I installed the WordFence plugin and am hoping this helps.

I'm wondering if anyone else has had their Wordpress website or blog hacked so it redirects to some spammy sites. This is getting on my nerves.
 

CaptainDan

New member
UPDATE

I've been checking out some tech forums and have found the culprit! Lot's of people are getting hit by this hack and it appears to be coming from an abandoned plugin. Sites with this old plugin installed are pointing to these spam domains. Everyone is looking for a solution.

The post I read that helped the most stated that the author disabled all of their plugins while the website was still redirecting. After they did this, the site was fine and it didn't appear to be hacked anymore. Then, they began activating each plugin, one by one, in an effort to see which one was causing the redirect.

In their case, the malicious redirect was caused by the yuzo-related-post plugin, which, as I just discovered, I have installed on my site. I also discovered that this Yuzo Related Post plugin has been discontinued since March 30, 2019. I not only turned the plugin off, but I also uninstalled it. I hope this helps and I don't get hacked again. I'm just concerned that, as my host stated, this plugin didn't leave anything behind in the database that is keeping a back door open.
 

CaptainDan

New member
I've written another post that explains how the Yuzo Related Posts plugin went wrong. I also linked to a few resources in that post. Take a look at it here:

 

alexmorco

New member
Some months back I faced this issue and didn't get a good response from my hosting provider (Shared hosting), just for the security reasons I have moved to WordPress hosting with Cloudways managed the platform, They offer security and 24/7 daily backup, Nothing went wrong yet so far.
 

CaptainDan

New member
I guess you're going to get bottom shelf support when you go with shared hosting, although it really does depend on what options you have, even if you're using a dedicated server. I use CodeGuard for backups and restored my website from an earlier version of it and I'm lucky I had that version. I suppose I could have waited to learn which file was targeted and simply removed that one. The news came out with that information in just a few days. In the meantime though, my site would have been redirecting to some strange places.

What's the moral of the story? Stay away from shady Wordpress plugins that are no longer being developed and always have backups of your websites.
 
Photographers! Show Off Your Photos!

Advertisement

Forum statistics

Threads
233
Messages
501
Members
46
Latest member
aaauydaaa
Top